components/openssh/patches/009-CVE-2010-5107.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Mon, 17 Mar 2014 23:04:26 -0700
changeset 1763 bda239c7cb8f
parent 1612 3f2ec017627f
permissions -rw-r--r--
18307626 Request to integrate Horizon into userland (fix audit)

#
# This is to fix the CVE-2010-5107 security bug.  The bug fix code came from
# OpenSSH and is in version 6.2 of OpenSSH.  When we upgrade OpenSSH to
# version 6.2 or later, we will remove this patch file.
#
--- orig/servconf.c	Wed Feb 27 16:03:18 2013
+++ new/servconf.c	Wed Feb 27 16:10:09 2013
@@ -248,11 +248,11 @@
 	if (options->gateway_ports == -1)
 		options->gateway_ports = 0;
 	if (options->max_startups == -1)
-		options->max_startups = 10;
+		options->max_startups = 100;
 	if (options->max_startups_rate == -1)
-		options->max_startups_rate = 100;		/* 100% */
+		options->max_startups_rate = 30;		/* 30% */
 	if (options->max_startups_begin == -1)
-		options->max_startups_begin = options->max_startups;
+		options->max_startups_begin = 10;
 	if (options->max_authtries == -1)
 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
 	if (options->max_sessions == -1)
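Review bot: The new default `options->max_startups_begin = 10;` no longer follows `max_startups`, so if any parsing path can set `max_startups` below 10 while leaving `max_startups_begin` at -1, the early-drop threshold would sit above the hard limit. The MaxStartups keyword parser is outside this hunk, so that needs confirming there; if it can happen, a clamp such as `options->max_startups_begin = options->max_startups < 10 ? options->max_startups : 10;` would keep the two consistent. The three defaults also read as unrelated magic numbers with only the rate commented, so I would add one comment above them, for example `/* random early drop: starts at 10 unauthenticated connections with 30% refusal probability, rising to 100% at 100 */`. These are defaults only, so an sshd_config that already sets MaxStartups explicitly is presumably unchanged by this patch and should be reviewed separately. The enclosing function starts and ends outside the hunk.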
--- orig/sshd_config	Wed Feb 27 16:05:01 2013
+++ new/sshd_config	Wed Feb 27 16:11:50 2013
@@ -104,7 +104,7 @@
 #ClientAliveCountMax 3
 #UseDNS yes
 #PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
 
--- orig/sshd_config.5	Wed Feb 27 16:04:36 2013
+++ new/sshd_config.5	Wed Feb 27 16:15:03 2013
@@ -745,7 +745,7 @@
 Additional connections will be dropped until authentication succeeds or the
 .Cm LoginGraceTime
 expires for a connection.
-The default is 10.
+The default is 10:30:100.
 .Pp
 Alternatively, random early drop can be enabled by specifying
 the three colon separated values